GitOps in a simple Web UI? Manage Kubernetes with Portainer

Video Statistics and Information

Captions
Since I started to work with Kubernetes, I always searched for new management tools, and because I'm a huge fan of Portainer, which I've been using for quite a while on my Docker servers, I thought I'd give it a go and try it out on Kubernetes as well. Because I love to use the terminal and tools like kubectl or Helm, but sometimes it's just nice to have a visual way of managing infrastructure, and Portainer is a fantastic tool to manage container environments with a friendly and intuitive UI. I've deployed it on my Kubernetes cluster in the cloud, and I just wanted to give you some of my thoughts on it and show what you can use Portainer for, because it has some very interesting and innovative features, but also where it still might need some improvements. Just note we're only talking about the free community version, because this is the version that I've tested so far.

And if you want to follow along and test and try out Portainer, but you need a Kubernetes cluster to test it, which service could be better for you than Civo? Civo is a cloud native service provider and makes it extremely easy to spin up your own Kubernetes cluster in just about 90 seconds. Civo offers you flexible and fair pricing for Kubernetes, Linux machines and storage, which you can easily manage through their web interface, an API, a CLI and automation tools. They also have excellent support and a very supportive community. So if you want to test and try out Civo, then just use their free credits when you sign up; that gives you enough time to check it out. Of course, you will find a link to their website in the description down below.

So when you want to use Portainer to manage a Kubernetes cluster, first of all you need to decide where you want to install it. You can install Portainer directly on the Kubernetes cluster you want to manage, but you could also install it somewhere else and manage remote Kubernetes clusters. In the past I've used Portainer to manage my local Docker containers in my home lab, but now I want to install it on my Kubernetes cluster in the cloud. We have two main possibilities to approach this. First of all, you could just use the Kubernetes manifests to deploy all the different Kubernetes resources that Portainer needs. Portainer has some great manifest example files that you can use to customize, but I believe it will be easier when I use the Helm package manager, because then I can just install and run Portainer with a few commands.

To install Portainer on my Kubernetes cluster, I first of all went to the official documentation page, docs.portainer.io, and set up a new Portainer server installation on Kubernetes. Then, in the "Install Portainer with Kubernetes on your self-managed infrastructure" guide, you will find more information about data persistence and how to install it with Helm. The first thing that you should always do is check if you have a storage class on your Kubernetes cluster that allows you to store the data in persistent volumes. When you run your Kubernetes cluster on Civo, that should already be the default. If you've done that, you can then deploy Portainer using the Helm package manager. First of all, add the Portainer repository to your Helm package manager installation and update all your repositories. This is important, because otherwise you're probably not using the latest Helm charts. Then you can decide if you want to expose the Portainer web UI via a NodePort, an Ingress or a LoadBalancer object. What you should choose here highly depends on your own environment and setup. I've decided to go with the LoadBalancer object, because this is probably the easiest way to get it working very quickly: it automatically creates a new service object of the type LoadBalancer, where you should get a public IP address for your Kubernetes cluster, and it exposes Portainer's web UI on port 9000 for HTTP and port 9443 for HTTPS connections.

Once Portainer was deployed by the Helm package manager, you should query your service objects and copy the external IP address from your load balancer object, open a new browser window and initiate an HTTPS connection on port 9443, and you should get the connection to Portainer's web interface. Note that you will always see a certificate warning, because Portainer is using self-signed certificates, which are generally not trusted by your browser. So you just need to proceed to that connection, set up a secure password for your admin user, and then proceed with using the local environment which Portainer is running in. This will initiate a connection from Portainer's web UI to the local Kubernetes cluster where it's running, and you can start managing your Kubernetes cluster with Portainer.

Okay, so I got it working; it was very, very simple to deploy it via a load balancer. So, you know, you could probably question this: whether a load balancer object is really the right way to expose it, because you're not using any trusted SSL certificates and you are also exposing it directly with an unencrypted port 9000, which is still there even if you don't use it. So what you should at least do is create some firewall rules which should only permit access to those administrative interfaces on the HTTPS port, and you might also think about limiting this down to just a few IP addresses that you're using. You could also think about exposing this with an Ingress object, but that also requires you to have that prepared, so you should have an ingress controller running on your Kubernetes cluster; that can be nginx or it can be Traefik. By the way, I also did a video about setting up Traefik on Kubernetes, so you could use that to expose the Portainer web interface with trusted SSL certificates. Or you could think about using the application protection of Teleport, which I also recently made a video about, because Teleport can act as a jump host and as a reverse proxy when you deploy the Teleport agent inside the Kubernetes cluster. With that you could also restrict the access to it and protect this with two-factor authentication as well. It's pretty interesting, but I believe it should be a great idea to make a separate video on protecting administrative web interfaces on Kubernetes and how to expose them properly, or how to protect them with open source tools, because I believe this is something that you should be really careful about whenever you're using or exposing administrative interfaces to the public internet.

The latest version of Portainer introduced a lot of great new features, and the most exciting part for me personally is the dark mode. I know this might be a meme that IT guys love the dark mode, but come on, it just looks better. So when you have connected your Kubernetes cluster and enabled the dark mode, then you can start managing your resources. What I absolutely love about Portainer is the intuitive UI: once you log in, you know immediately where to find all the resources and how to edit them. You can create and edit namespaces, you can edit and create application deployments, and also configure config maps, secrets and persistent volumes.

One thing that has been recently added in the latest version is the ability to install Helm charts, and this is a really nice feature for me, because the Helm package manager is the tool that I use the most to deploy my applications. It is very straightforward to install a Helm chart: you just need to select your chart from the repository you want to use, and then you also have the ability to customize any of the default values before you install the chart. That's extremely useful in my opinion, because you can directly inspect all the default values that you can customize. Although this is the first version of the Helm integration in Portainer, it already works pretty well, but I'd like to see an option to manage existing Helm charts after the installation. There's currently no option to edit any existing Helm installations, because they always show up like a regular deployment in the application menu. You can then just edit the resources, but not the chart as a whole, and it would have been nice if Portainer still gave you that ability to edit installed charts like you can do with the Helm CLI tool, and do things like upgrades with different values or rollbacks. But maybe they will add it in a future version, because this is a brand new function of Portainer and they might make some changes to it.

The other way to deploy resources is the application menu, and this gives you a nice overview of all your resources, like pods, deployments, daemon sets, port mappings and so on. I know exactly what is going on on the server, in which namespace my resources are running, what the status is, and so on. You can create new applications with the form, and that makes it very easy for people who aren't fluent in kubectl. This gives you most of the options you're looking for when deploying resources, but you could still also upload any manifest files in the Kubernetes format or use existing Docker Compose templates. Using Docker Compose templates is a feature that I've personally not tested, because when I deploy Kubernetes resources I always just use the Kubernetes format, but I believe this could be very handy for people who just want to play around with Kubernetes but want to use the existing Docker Compose templates they created on a Docker server before. Portainer will automatically translate these Docker Compose files into Kubernetes manifests and deploy them just like usual Kubernetes resources.

However, something that still seems a little bit awkward to me is the feature of Ingress in Portainer. You first need to enable it in the cluster setup menu and then enable the feature "Allow users to use an external load balancer". Then you can configure your ingress controller, like nginx or Traefik. Please note that Traefik is still experimental, but it did work in all of my cases, even though the configuration is a little bit unintuitive, to be honest. First you need to enable the ingress feature on every namespace, otherwise you can't use it at all, and then you need to add all the host names you want to enable in that particular namespace. Next you can go into your application deployment and enable publishing for these applications, and then you should see the button "Ingress" on your application deployments once you are in the correct namespace. Then you can select a container port and configure an Ingress object for your application. But what's really annoying is that you can just choose the host names you have configured in the namespace before; you can't even add a subdomain in that menu without going back to the namespace to add the subdomain. And yeah, so you can see it is a little bit confusing. I think I know why they went with that decision, because this would give super administrative users in Portainer the ability to limit the host names or somehow control how the teams can use ingress within the namespaces they have access to, so that not every admin can just expose any application with any hostname. It kind of makes sense in that case, but for me personally it would have been easier to just add another menu point that's called "Ingress" on the left menu and then allow users to manage their Ingress objects just from there. Just an idea.

But apart from that, all the other features in Portainer for Kubernetes are very straightforward and easy to use. You can't manage all the resource objects with it, but the important ones are there, and in case you still need kubectl to do changes that the UI can't do, they also added a nice button in their UI to open a shell with kubectl directly in the web interface without needing a terminal application. That could be very useful if you're accessing Kubernetes from a workstation or laptop where you don't have a valid certificate stored in your kubectl config.

Portainer also has a new, very cool feature that Kubernetes doesn't offer by itself: the integration of Git. Because you can't just deploy applications with the UI or manifests, you can also automate the deployment of your setups with Git repositories. This is something highly compelling in my opinion, and it really stands out, because if you want to automate resource deployments you could of course use CI/CD pipelines or integrate other automation tools like Ansible or Terraform, but those tools aren't always easy to learn, and you also sometimes need other resources or processes to integrate them. In Portainer it's just very easy to link an existing Git repository and automate the deployment of resources.

So I created another Git repository that is called gitops test, and this contains a YAML file with some Kubernetes manifests I want to automatically deploy with Portainer on my Kubernetes cluster. You can see there is an example deployment of an nginx web server, so this will just run a simple web server and expose a custom HTML page. The HTML page is stored in a config map, and I also want to use my Traefik ingress controller to expose this publicly with trusted SSL. All the configuration is done inside this single YAML file, and now I want to automatically deploy this with Portainer. The way it should work is that you should first of all create a new namespace for that. So let's go in here and create the namespace; let's call it gitops test. I don't need any resource assignment, so let's start with creating the namespace. Now I want to go into the applications and create a new application from manifest files I want to pull down from my Git repository. First I want to select the gitops test namespace; I want to call it gitops test, for example. Now the Git repository is automatically selected. It should be in the Kubernetes format, because I'm using Kubernetes manifests here, and I now need to pass the repository URL. This can be on GitHub, this can be on GitLab or on your custom hosted Git server; it doesn't really matter where you're hosting it. But because I'm running this in my GitHub repository, I will just copy this URL, paste it here, and I should also refer to the heads/master. This is important if you want to reference any specific branches, so if you want to deploy a staging or development branch, you can also do that and just refer to a different branch. The manifest path is just the path of the files. You can also add additional paths; for example, if you want to separate your resources into different manifest files, you can also do that and add any second or third manifest file to deploy.

You can also add any authentication here. I need to do this because this Git repository is private. On GitHub there is a feature which is called an access token, so I need to find that. Ah, so I found it now; it was hidden in the developer settings and then in the personal access token settings. So let's generate a new token; let's call this "Portainer gitops test", for example. Let's make this valid for 30 days, and it's okay to select the scope of the repository, I guess. So let's generate this and copy this token into the personal access token field. I also need to specify my username, and then I can select if I want to do automatic updates and select a fetch interval, so how frequently Portainer will automatically check if there are any changes in your Git repository, and it will automatically just redeploy the application. So let's just pick two minutes here, for example, and just deploy this.

This is now up and running. Let's see if I can access it, and this is working: this is now the test page for nginx. The source code of this page is in the Git repository, and I stored it in a config map, so you can see that the config map contains the source code of the web page. So let's try to make a change, but not inside Kubernetes, inside our Git repository, and then Portainer should automatically pull this within the next two minutes. Let's just add another HTML section; let's just add a button. Yeah, okay, so let's commit the changes, and now we need to wait until the deployment has been updated. Okay, so you can see the button is now there. Portainer automatically updated everything and pulled down the changes from the Git repository.

So this is the feature I'm probably the most excited about, because I believe this is something really useful that Portainer adds on top of all the other cool management features it already has. You can do so many cool things with that: you can integrate it into your automation workflows or into your development processes if you are deploying and managing infrastructure. Without the need of having a huge CI/CD pipeline or complicated workflow, you can just use Portainer and start managing infrastructure in an automated way and use Git repositories for doing this.

So what else do I have to say about Portainer on Kubernetes? Well, it's just as great as on Docker: it's simple, it's intuitive and it's powerful. It can do everything you can do in Kubernetes, so you still might need kubectl sometimes, but it is in my opinion the most accessible web UI for Kubernetes that does offer most of the essential management utilities. By the way, if you want to see more videos about Kubernetes or other tools, like Rancher for example, which should also be very interesting, I will soon start working on it. The next task will be to deploy a production Kubernetes cluster in the cloud and migrate most of my online services to it, so that will be a massive project for me, and I also want to set up Kubernetes in my home lab that I'm currently building. So there are enough projects that I've planned for the following year, but for now that should be enough. I hope you enjoyed this video, and thanks everybody for watching. I will of course catch you in the next one. Take care, bye.
Info
Channel: The Digital Life
Views: 2,803
Keywords: gitops kubernetes example, how to install kubernetes dashboard, kubernetes dashboard, kubernetes dashboard install, kubernetes dashboard setup, kubernetes dashboard tutorial, kubernetes deployment, kubernetes portainer, kubernetes services, kubernetes web ui, manage kubernetes web ui, portainer kubernetes, portainer kubernetes tutorial, rancher kubernetes
Id: gHHIAprNVmk
Length: 17min 13sec (1033 seconds)
Published: Tue Dec 14 2021